Developing on a grsec kernel
Posted: Tue Jan 20, 2015 7:59 am
Is it sensible to run grsec on a developers machine, where I have ever changing and writable executables? I played around with the policies and I haven't found a sound way to support a "developers playground". If I understand gresc correctly, I would have to manage a subject for every executable that I compile? It also disallowed vim me to call a self compiled library:
How would you do that?
- Code: Select all
grsec: (<user>:U:/usr/bin/vim) denied load of writable library /home/<user>/.vim/bundle/YouCompleteMe/third_party/ycmd/ycm_client_support.so by /usr/bin/vim[vim:26090] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/zsh[zsh:24799] uid/euid:1000/1000 gid/egid:1000/1000
How would you do that?